Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-1789

Опубликовано: 11 июн. 2015
Источник: redhat
CVSS2: 4.3

Описание

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4opensslWill not fix
Red Hat Enterprise Linux 5openssl097aWill not fix
Red Hat Enterprise Linux 6openssl098eWill not fix
Red Hat Enterprise Linux 7openssl098eWill not fix
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslNot affected
Red Hat JBoss Enterprise Web Server 2opensslNot affected
Red Hat JBoss Enterprise Web Server 3opensslNot affected
Red Hat Enterprise Linux 5opensslFixedRHSA-2015:119730.06.2015
Red Hat Enterprise Linux 6opensslFixedRHSA-2015:111515.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1228603OpenSSL: out-of-bounds read in X509_cmp_time

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-1789

CVSS3: 7.5
ubuntu
около 10 лет назад

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

nvd логотип

CVE-2015-1789

CVSS3: 7.5
nvd
около 10 лет назад

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

debian логотип

CVE-2015-1789

CVSS3: 7.5
debian
около 10 лет назад

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before ...

github логотип

GHSA-q289-c6qx-8gxc

CVSS3: 7.5
github
около 3 лет назад

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

fstec логотип

BDU:2015-11036

fstec
около 10 лет назад

Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

4.3 Medium

CVSS2